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(54) DATA PROCESSING SYSTEM, DATA PROCESSING DEVICE AND DATA PROCESSING 
METHOD 



(57) A first information processing apparatus 1, 
storing a service key and a pre-set function, requests 
the proper identification information from a second infor- 
mation processing apparatus 2, storing the proper iden- 
tification information, a license key, version data 
indicating a version of the license key, and the above 
pre-set function, and applies the function to the identifi- 
cation information and the service key to generate the 
first intermediate key Km. The first information process- 
ing apparatus applies the function to the first intermedi- 
ate key n times to generate a decision key Kmn and to 
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transmit number of times data indicating the number of 
times of application of the function. The second informa- 
tion processing apparatus 2 applies the function to the 
license key (n — Gb) times to generate the second 
intermediate key Klic_n and to transmit the intermediate 
key information R as the information on the second 
intermediate key Klic_n. The first information process- 
ing apparatus authenticates the second information 
processing apparatus 2 based on the decision key Kmn 
and the intermediate key information R. 
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Description 

Technical Field 

[0001] This invention relates to an information s 
processing system, an information processing appara- 
tus and an information processing method. More partic- 
ularly, it relates to an information processing system, an 
information processing apparatus and an information 
processing method that can be used with advantage in w 
the authentication protocol used in copyright protection. 

Background Art 

[0002] It has recently been proposed to interconnect is 
electronic equipments, such as AV equipments or per- 
sonal computers, over an IEEE1394 serial bus, to ena- 
ble reciprocal data transmission/reception. 
[0003] In such system, an act of users in general out- 
putting the reproduced motion picture information from 20 
a DVD player on a monitor over a 1394 digital bus for 
display is permitted to the copyright owner of the motion 
picture information at the time point of purchase of the 
DVD. However, the act of recording the motion picture 
information reproduced from the DVD player on a 25 
recording medium, such as a magneto-optical disc, 
requires a special permission from the copyright owner. 
In such case, the usual practice is to store a key in a 
magneto-optical disc device indicating whether or not 
recording of the motion picture information is permitted 30 
and to use this key to authenticate whether or not the 
magneto-optical disc device is an authentic device, that 
is whether or not the magneto-optical disc deice is an 
apparatus licensed by the copyright owner, so that the 
recording of the motion picture information will be 35 
allowed only for the authenticated magneto-optical disc 
device, in such case, it is necessary to perform authen- 
tication processing between an apparatus transmitting 
the motion picture information, referred to hereinafter as 
a source, and an apparatus receiving the transmitted 40 
motion picture information, referred to hereinafter as a 
sink, in order to verify whether or not the counterpart is 
an authentic apparatus. 

[0004] For copyright protection in such case, a variety 
of authentication systems have been proposed. In an 45 
authentication protocol, used in these authentication 
systems, an encryption algorithm is frequently used. 
[0005] The authentication protocol, employing this 
encryption algorithm, is disclosed in the Japanese Pat- 
ent Applications Nos. H-9-207953 and H-9-210899 enti- so 
tied "Information Processing Apparatus, Information 
Processing Method, Information Processing System 
and Recording Medium", assigned to the present 
Assignee, corresponding to US Ser. No. 09/059,757, 
filed on April 1 4, 1 998 and US. Ser. No. 09/059,81 2 enti- 55 
tied "Information Processing Apparatus, Information 
Processing method, Information Processing System 
and Recording Medium" filed on the same date. Mean- 



while, in nations such as Japan and USA, a ban is 
placed on exporting powerful encryption algorithms. 
Thus, if an encryption algorithm is used in an authenti- 
cation protocol, problems may arise that the system 
cannot be exported or used in the imported systems. 
[0006] It is an object of the present invention to pro- 
vide an information processing system, an information 
processing apparatus and an information processing 
method that are able to perform the authentication pro- 
tocol using a pre-set function. 

Disclosure of the Invention 

[0007] In one aspect, the present invention provides 
an information processing system including a first infor- 
mation processing apparatus and a second information 
processing apparatus. The first information processing 
apparatus includes first storage means for storing a 
service key and a pre-set function, first transmis- 
sion/reception means for transmitting and receiving 
data with the second information processing apparatus, 
first intermediate key generating means for generating a 
first intermediate key by applying the above function to 
the service key and to the identification information 
proper to the second information processing apparatus 
received by the first transmission/reception means from 
the second information processing apparatus, decision 
key generating means for generating a decision key by 
applying the function n times to the first intermediate 
key, number of times data transmitting means for caus- 
ing the first transmission/reception means to transmit to 
the second information processing apparatus the 
number of times data indicating the number of times the 
function is applied by the decision key generating 
means to the first intermediate key, and authentication 
means for authenticating the second information 
processing apparatus by verifying whether or not the 
decision key is equal to the intermediate key information 
received by the first transmission/reception means from 
the second information processing apparatus. The sec- 
ond information processing apparatus includes second 
storage means for storing the proper identification infor- 
mation allocated to itself, a license key generated on 
applying the function to the first intermediate key Gb 
times, where Gb is a natural number, version data indi- 
cating the version of the license key and the pre-set 
function, second transmission/reception means for 
sending and receiving data with the first information 
processing apparatus, second intermediate key gener- 
ating means for generating the second intermediate key 
by applying the function to the license key (n — Gb) 
times, using the number of times data received by the 
first information processing apparatus by the second 
transmission/reception means, and intermediate key 
information transmitting means for causing the second 
transmission/reception means to transmit the intermedi- 
ate key information concerning the second intermediate 
key by the second transmission/reception means to the 



2 



BNSDOCID: <EP 0966127A1_I_> 



3 EP 0 966 127 A1 4 



first information processing apparatus. 
[0008] In another aspect, the present invention pro- 
vides an information processing method in an informa- 
tion processing system made up of a first information 
processing apparatus holding on memory a service key 
and a pre-set function, and a second information 
processing apparatus holding on memory the proper 
identification information allocated to itself, a license key 
generated on applying the function to the first intermedi- 
ate key Gb times, where Gb is a natural number, version 
data specifying the version of the license key, and the 
pre-set function. The information processing method 
includes an identification information requesting step of 
requesting the identification information proper to the 
second information processing apparatus from the first 
information processing apparatus to the second infor- 
mation processing apparatus, an identification informa- 
tion transmission/reception step of transmitting the 
identification information proper to the second informa- 
tion processing apparatus from the second information 
processing apparatus for reception by the first informa- 
tion processing apparatus, a first intermediate key gen- 
erating step of applying the function in the first 
information processing apparatus to the identification 
information proper to the second information processing 
apparatus, - received in the identification information 
transmission/reception step, and on the service key, to 
generate the first intermediate key, a decision key gen- 
erating step of generating a decision key by applying the 
function in the first information processing apparatus to 
the f irst intermediate key n times, where n is an integer, 
a number of times data transmission/reception step of 
transmitting the number of times data indicating the 
number of times the function is applied to the first inter- 
mediate key at the decision key generating step from 
the first information processing apparatus for reception 
by the second information processing apparatus, a sec- 
ond intermediate key generating step of generating a 
second intermediate key Klic_n by applying the function 
to the license key (n — Gb) times using the number of 
times data received by the number of times data recep- 
tion step in the second information processing appara- 
tus, an intermediate key information trans- 
mission/reception step of transmitting the intermediate 
key information as the information concerning the sec- 
ond intermediate key from the second information 
processing apparatus for reception by the first informa- 
tion processing apparatus, and an authentication step 
of authenticating the second information processing 
apparatus by verifying, at the first information process- 
ing apparatus, whether or not the decision key is equal 
to the intermediate key information received at the inter- 
mediate key information transmission/reception step. 
[0009] In a still another aspect, the present invention 
provides an information processing apparatus including 
storage means for storing a service key and a pre-set 
function, transmission/reception means for transmitting 
and receiving data with another information processing 



apparatus, intermediate key generating means for gen- 
erating an intermediate key by applying the function to 
the identification information proper to the other infor- 
mation processing apparatus, received by the reception 

5 means, from sand another information processing 
apparatus, and to the service key, to generate an inter- 
mediate key, decision key generating means for gener- 
ating a decision key by applying the function to the 
intermediate key n times, where n is an integer, number 

10 of times data transmitting means for causing the trans- 
mission/reception means to transmit to the other infor- 
mation processing apparatus the number of times data 
indicating the number of times of application of the func- 
tion to the intermediate key by the decision key generat- 

15 ing means, and authentication means for authenticating 
the other information processing apparatus by verifying 
whether or not the decision key and the intermediate 
key information received by the transmission/reception 
means from the other information processing apparatus 

20 are equal to each other. 

[0010] In a still another aspect, the present invention 
provides an information processing method including an 
identification information reception step of requesting 
the identification information proper to another informa- 

25 tion processing apparatus to the other information 
processing apparatus to receive the identification infor- 
mation, a first intermediate key generating step of gen- 
erating a first intermediate key by applying a pre-set 
function to the identification information proper to the 

30 other information processing apparatus and the service 
key received by the identification information reception 
step, a decision key generating step of generating a 
decision key by applying the function to the first interme- 
diate key n times, n being an integer, a number of times 

35 data transmitting step of transmitting to the other infor- 
mation processing apparatus the number of times data 
indicating the number of times of application of the func- 
tion to the first intermediate key at the decision key gen- 
erating step, an intermediate key information receiving 

40 step of receiving the intermediate key information gen- 
erated based on the number of times data by the other 
information processing apparatus, and an authentica- 
tion step of authenticating the other information 
processing apparatus by verifying whether or not the 

45 decision key is equal to the intermediate key information 
received by the intermediate key information receiving 
step. 

[0011] In still another aspect, the present invention 
provides an information processing apparatus including 

so storage means for storing the proper identification infor- 
mation assigned to itself, a license key generated by 
applying a pre-set function Gb times, Gb being a natural 
number, to a first intermediate key, version data specify- 
ing the license key and the pre-set function, transmis- 

55 sion/reception means for transmitting and receiving 
data with another information processing apparatus, 
second intermediate key generating means for generat- 
ing a second intermediate key by applying the function 
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to the license key (n — Gb) times using the number of 
times data received from the other information process- 
ing apparatus by the transmission/reception means, 
and intermediate key information transmitting means for 
transmitting the intermediate key information as the 
information on the second intermediate key by the sec- 
ond transmission/reception means. 
[0012] In yet another aspect, the present invention 
provides an information processing method including an 
identification information transmitting step of transmit- 
ting the proper identification information assigned to 
itself to another information processing apparatus, a 
number of times data receiving step of receiving from 
the other information processing apparatus number of 
times data n, where n is an integer, of applying a pre-set 
function to the identification information and to a service 
key for generating the first intermediate key in the other 
information processing apparatus, a second intermedi- 
ate key generating step of generating a second interme- 
diate key Klic_n by applying the function (n — Gb) 
times, using number of times data received in the 
number of times data receiving step, to a license key 
generated by applying the function Gb times to the first 
intermediate key, Gb being a natural number, and an 
intermediate key information transmission/reception 
step of transmitting the intermediate key information as 
the information on the second intermediate key. 

Brief Description of the Drawings 

[0013] 

Fig.1 is a block diagram showing an illustrative 
structure of an information processing system 
embodying the present invention. 

Fig. 2 is a block diagram showing a specified illus- 
trative structure of the interior of a DVD player, a 
personal computer and a magneto-optical disc 
apparatus in the information processing system. 

Fig. 3 illustrates the sequence of authentication car- 
ried out between the source and the sink in the 
information processing system. 

Fig.4 is a timing chart for illustrating the basic 
sequence of the authentication information 
processing system. 

Fig. 5 is a timing chart showing the sequence of the 
specified authentication protocol information 
processing system. 

Fig.6 is a timing chart for illustrating the sequence 
of another authentication protocol performed 
between the source and the sink. 



Best mode for Carrying out the Invention 

[0014] Referring to the drawings, the best mode for 
carrying out the present invention is explained in detail. 

5 [001 5] The present invention is applied to the informa- 
tion processing system shown for example in Fig.1 . 
[001 6] The information processing system is made up 
of a DVD player 1 , a personal computer 2, a magneto- 
optical disc device 3, a data broadcast receiving appa- 

io ratus 4, a monitor 5 and a television receiver 6. 

[0017] Fig. 2 shows a specified illustrative internal 
structure of the DVD player 1 , personal computer 2 and 
the magneto-optical disc device 3. 
[0018] The DVD player 1 includes a CPU 21, a ROM 

15 22, a RAM 23, an actuating unit 24, a drive 25. a 1394 
interface 26 and an EEPROM 27. 
[0019] This DVD player 1 is connected via the 1394 
interface 26 to an IEEE 1394 serial bus 11. The CPU 21 
executes a variety of processing operations in accord- 

20 ance with the program stored in the ROM 22. The RAM 
23 stores data, programs etc necessary in executing the 
various processing operations. The actuating unit 24 is 
made up of a button, a switch, a remote controller etc 
and outputs signals associated with actuations by the 

25 user. The driver 25 drives a DVD, not shown, to repro- 
duce the data stored therein. The EEPROM 27 is 
adapted to store the information required to be stored 
afer power down of the apparatus, such as the key infor- 
mation. 

30 [0020] The magneto-optical disc device 3 includes a 
CPU 31, a ROM 32, a RAM 33, an actuating unit 34, a 
driver 35, an 1394 interface 36 and an EEPROM 37 etc 
interconnected over an internal bus 38. The CPU 31, a 
ROM 32, a RAM 33, an actuating unit 34,a drive 35, an 

35 1 394 interface 36, EEP ROM 37 and the internal bus 38, 
making up the magneto-optical disc device 3, perform 
the functions equivalent to those of the CPU 21, ROM 
22, RAM 23, actuating unit 24, drive 25, actuating unit 
24, 1394 interface 26, EEPROM 27 and the internal bus 

40 28, and detailed description thereof is not made for sim- 
plicity. However, the drive 35 is adapted to drive a mag- 
neto-optical disc, not shown, for recording/reproducing 
data therein. 

[0021 ] The personal computer 2 includes a CPU 41 , a 
45 ROM 42, a RAM 43, an input/output interface 44, a 1394 
interface 49, and an EEPROM 50, interconnected over 
an internal bus 51 , and a keyboard 45, a mouse 46, a 
hard disc drive (HDD) 47 and an extension board 48, 
connected to the input/output interface 44. 
so [0022] This personal computer 2 is connected to the 
IEEE 1394 serial bus 1 1 over the 1394 interface 49. The 
CPU 41 executes a variety of processing operations in 
accordance with the program stored in the ROM 42. 
The ROM 43 has stored therein data or programs nec- 
55 essary to execute the various processing operations. 
The input/output interface 44 is adapted to output to the 
CPU 41 the input signals from the keyboard 45 or the 
mouse 46. The input/output interface 44 is adapted to 
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record/reproduce the data or the program from the hard 
disc drive (HDD) 47. On the input/output interface 44 
can be attached the extension board 48 to supplement 
necessary functions rf desired. The EEPROM 50 is 
adapted to store the information required to be stored 
even after power down, such as the key information. 
The internal bus 51 is constituted by, for example, PCI 
(Peripheral Component Interconnect) or a local bus. 
[0023] Meanwhile, the internal bus 51 is opened for a 
user, such that the user is able to receive data transmit- 
ted over the internal bus 51 by connecting a pre-set 
board to the extension board 48 or by generating a pre- 
set software program to install the generated program in 
the CPU 41. 

[0024] Conversely, with a consumer electronic device 
(CE), such as the DVD player 1 or the magneto-optical 
disc 3, the internal bus 28 or 38 is not opened to the 
user, such that, failing special remodelling, the user is 
unable to acquire the transmitted data. 
[0025] The data exchange between the source and 
the sink is now explained. 

[0026] The authentication processing for copyright 
protection is stored in a firmware 20, as one of the soft- 
ware programs stored from the outset in the ROM 22 of 
the DVD player 1 , and a ROM 42 of, for example, the 
personal computer 2, and is executed before actual 
data exchange with a license manager 62 as one of the 
software programs processed by the CPU 41 . 
[0027] The personal computer 2 usually can be used 
with an optional program loaded thereon. There are 
occasions wherein an illicitly prepared application pro- 
gram is used. Thus, the present personal computer 2 is 
adapted to perform the authentication processing 
between the application unit 61 and the license man- 
ager 62 from one loaded application program to 
another. In this case, the license manager 62 and the 
application unit 61 operate as the source and the sink, 
respectively. 

[0028] If the authentication processing is performed to 
confirm that the sink is an optimum one, encrypted real 
data is transferred from the source to the sink where the 
encrypted real data are decoded. 
[0029] That is. the picture data, as real data outputted 
by the DVD player 1 , as the source, is transmitted over 
the serial bus 11 for decoding. 

[0030] In the DVD player 1 , encryption is performed in 
the 1394 interface 26 in the DVD player 1 using a ses- 
sion key Ss and a time change key i, more correctly, a 
key i' for forming the time change key i. This session key 
Ss and the time change key i, more correctly, a key P for 
forming the time change key i, are sent from the 
firmware 20 to the 1394 interface 26. 
[0031 ] The session key Ss is made up of an initial key 
Ss, used as an initial key, and a disturbing key Si used 
for disturbing the time change key i. The session key Ss 
and the time change key i are constituted using upper 
and lower bits of the encrypting key sk ^sk^ of a pre-set 
number of bits generated by the authentication process- 



K6127A1 8 

ing as later explained. This session key S, updated 
every session, for example, every motion picture infor- 
mation or every reproducing event, is not changed 
within the same session. Conversely, the time change 

5 key i made up of the disturbing key Si and the key i', is 
updated frequently in one session. For example, the 
time information etc is used as this key. 
[0032] The real key, thus encrypted, is transmitted via 
IEEE 1394 serial bus 1 1 and received by the 1394 inter- 

io face 49 of the personal computer 2. In the personal 
computer 2, the license manager 62 sends the initial 
value key Ss of the session key S to the application unit 
61, while sending the disturbing key Si and the time 
change key i (more correctly, the key i' for generating the 

75 time change key i) to the 1394 interface 49. In the 1394 
interface 49, the time change key i is generated from the 
disturbing key Si and the key i' and is used to perform 
the first-stage decoding. The decoded real-data are 
second-stage-decoded in the application unit 61 using 

20 the session key S (more correctly, the initial value key 
Ss). 

[0033] In the personal computer 2, since the internal 
bus 51 is opened to the user, data in the internal bus 51 
tends to be accessed from outside to raise an inconven- 

25 ience. Therefore, only the first-stage decoding is done in 
the application unit 61 , with the real data being still in 
the encrypted state. The application unit 61 then per- 
forms second-stage decoding to give a completely 
decrypted plane sentence. Tis prohibits the data 

30 exchanged in the internal bus 51 from being copied on 
the hard disc 47 or other device. 
[0034] Fig. 4 shows the basic sequence of the authen- 
tication processing performed between the source 
(DVD player 1) and the sink (personal computer 2). 

35 [0035] In the EEPROM 27 of the DVD player 1 , as the 
source, there are pre-stored a service key 
(Service_key) and hash functions (H1, H2). These are 
accorded to the user of the DVD player 1 by the copy- 
right owner and are kept in confidentiality in the EEP- 

40 ROM 1 1 . 

[0036] The service key is given from one information 
purveyed by the copyright owner 
to another and is common in the system constituted by 
the IEEE 1394 serial bus 1 1. 

45 [0037] The hash function is such a function which out- 
puts data of fixed length, such as 64 bit data or 128 bit 
data, tor input data of an optional length and in which, if 
y (=hash(x)) is given, it is difficult to find x and it is also 
difficult to find a set of x1 and x2 such that 

so hash(x1) = hash(x2) . Typical of known unidirectional 
hash functions are MD (message Digest) 5 and 
SHA(Soecure Hash Algorithm). This unidirectional hash 
function is discussed in detail in Bruce Schneier, 
"Applied Cryptography (Second Edition". 

ss [0038] In the personal computer 2, as the source, 
there are kept in confidentiality the identification number 
IS proper to itself, a license key (license_key), hash 
functions (H1 , H2) and data Gb indicating the version of 
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the license key (license_key). 

[0039] The license key (license_key) is a value 
obtained on applying the hash function H1 Gb times to 
a coupling data (ISfl Service_key) obtained on coupling 
n-bit identification number (ID) to in-bit service key 
(Service_key). That is, the license key (license_key) is 
expressed by the following equation: 

license_key = H1 A Gb(ID||Service_key) 

where H1*Gb indicates application of the hash function 
Gb times. 

[0040] As the identification number (ID), 

node_unique_ID, specified in, for example, the standard 
for the IEEE 1394 serial bus 11, may be used. This 
node_unique_ID is constituted by 8 bytes (64 bits), of 
which the upper three bytes are managed by the IEEE 
and accorded proper values from the IEEE for different 
manufacturers of the electronic equipments, and the 
lower five bytes can be accorded by the respective man- 
ufacturers to the apparatus furnished to the users. The 
respective manufacturers serially accord a number to 
each apparatus for the lower five bytes and, if the five 
bytes have been used up, the respective manufacturers 
are accorded node_uniqueJD 

the upper order three bytes present different numbers, 
so that the lower five bytes thereof are used to 
assign a number to each apparatus. Therefore, this 
node_unique_ID differs from apparatus to apparatus, 
irrespective of the manufacturers, and is unique to each 
apparatus. 

[0041] Referring to Fig. 4, the authentication process- 
ing, executed prior to transmission and reception of real 
data, is explained. 

[0042] At step S1 , the license manager 62 of the per- 
sonal computer 2 controls the 1394 interface 49 to 
transmit the authentication request to the DVD player 1 
over the IEEE 1394 serial bus 1 1 . 
[0043] At step S2, the firmware 20 of the DVD player 
1 receives the authentication request. At the next step 
S3, the firmware 20 requests the identification number 
(ID) to the personal computer 2 to execute the authenti- 
cation processing. 

[0044] At step S4, the license manager 62 of the DVD 
player 1 receives the request for identification (ID) and, 
in response thereto, reads out the identification number 
(ID) stored in the EEPROM 50 to send the read-out 
identification number to the DVD player 1 . 
[0045] At step S6, the firmware 20 of the DVD player 
1 receives the identification number (ID). At step S7, the 
firmware 20 reads out the license key (license_key) 
stored in the EEPROM 27 to connect the received iden- 
tification number (ID) to the license key (license_key) to 
generate the coupling data of which upper bits are iden- 
tification numbers (ID) and lower bits are license key 
(license_key). The firmware 20 then applies the hash 
function H1 to the generated coupling data (IDq 
Service__key) by: 



Km = H1 (ID||Service_key) 
to generate a key Km. 

[0046] At the next step S8, the firmware 20 of the DVD 
5 player 1 selects a variable n which will satisfy 0 £ n £ C1 , 
where n, pre-set so as to satisfy 0 £ n £ C1 , need not be 
selected at step S8. C1 is a constant pre-set in the sys- 
tem. At step S9, the firmware 20 applies the hash func- 
tion H1 n times for the key Km generated at step S7 as 
io shown by the following equation: 

Km_n = H1 A n(Km) 

to generate the key Km_n. It is noted that H1 A n denotes 
75 that the hash function H1 is applied n times, such that, 
for n = 0, Km_n= Km. Also, at step S31, the firmware 
20 generates a random number Na. At step S10, the 
firmware 20 sends a variable n to the personal compu- 
ter 2. 

20 [0047] At step S1 1 , the license manager 62 of the per- 
sonal computer 2 receives the variable n at step S34, 
then applies the hash function H1 to the license key 
(license_key) stored in the EEPROM 50 (n — Gb) 
times, as indicated by the following equation: 

25 

Klic_n = Hl A n(n — Gb) (license_key) 
to generate the key Klic_n. 

[0048] Meanwhile, n in (n — Gb) is the variable n 
30 received at step S1 1 , while Gb is the information speci- 
fying the version of the license key (license_key) stored 
in the EEPROM 50 of the personal computer 2. As dis- 
cussed in the foregoing, the license key (license_key) is 
generated on applying the hash function H1 Gb times to 
35 the coupling data (ID|jService_key))obtained on cou- 
pling the n-bit identification number (ID) to the m bit 
service key (Service_key). Therefore, the key Klic_n, 
generated on applying the hash function (n — Gb) times 
to the license key (license_key), is Klic_n = license_key 
40 for (n — Gb) =0 , such that, for (n — Gb) ^ 0, the key 
Klic_n is equal to Km_n. obtained on applying the hash 
function H1 to the coupling data (IDuService_key)) n 
times. 

[0049] If (n — Gb) < 0, the operation is tantamount to 
45 applying the hash function a negative number of times, 
that is to finding the inverse function of the hash func- 
tion, as described above. However, it is difficult to find 
the inverse function of the hash function, as discussed 
above. Therefore, if (n — Gb) < 0, it is practically impos- 
50 sible to generate the key Klic_n. Thus, if this property is 
used, it is possible to manage the version information 
Gb of the license key (license_key). For example, if an 
equipment having a high secrecy-keeping function and 
an equipment having a low secrecy-keeping function 
55 are present as a sink-side device, "1" and "2" are 
accorded as the version information Gb of the license 
key (license_key) to the equipment having a high 
secrecy-keeping function and to the equipment having a 
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low secrecy-keeping function, respectively. If the license 
key (license_key) of Gb = 2 accorded to the equipment 
having a low secrecy-keeping function is discovered by 
an unauthorized user, the source side can select "1" for 
the variable n whereby (n — Gb) < 0 for the equipment 5 
having a low secrecy-keeping function which thus is 
unable to generate the key Klic_n so that it is not 
authenticated. 

[0050] Therefore, if the higher-order license key 
(license_key) with a larger value of the version informa- 10 
tion Gb is accorded to the equipment having a low 
secrecy-keeping function, so that, if the license key 
(license_key) has become apparent, the processing for 
setting the sink having the higher-order license key out 
of the range of authentication can be carried out on the 15 
source side by selecting the variable n. 
[0051 ] At step S1 3, the license manager 62 applies to 
the keydash function H2, having the key Klic_n as the 
key, the data (NaflNb) of which the upper bits are of a 
first value Na and lower bits are of a second value Nb, to 20 
generate a response R such that 

R = Keydash H2 (Klic_n ( Na[|Nb). 

[0052] Meanwhile, the Keydash function is a hash 25 
function having a key, such that Keydash H2(Klic_n, Nafl 
Nb) indicates that the above data (NauNb) is entered to 
the keydash function H2 having Klic_n as a key. 
[0053] At step Si 4, the license manager 62 sends the 
response R to the DVD player 1 . 30 
[0054] The firmware 20 of the DVD player 1 at step 
S1 5 receives the response R sent from the license man- 
ager 62. At step S16, the firmware 20 verifies whether 
or not the response R\ obtained on applying the data 
(NauNb), of which the upper bits are of a first value Na ss 
and lower bits are of a second value Nb, to the keydash 
function H2 generated at step S9, is equal to the 
response R received at step S15. 
[0055] If the key Km_n generated at step S9 is equal 
to the key Klic_n generated at step S1 3 , the response R' 40 
generated at step S16 is equal to the response R 
received at step S15. 

[0056] If the generated response R' is not equal to the 
received response R, the firmware 20 verifies that the 
license manager 62 of the personal computer 2 is not 45 
asthenic to destruct the received response R to termi- 
nate the authentication processing. 
[0057] Conversely, if the generated response R' is 
equal to the received response R, the firmware 20 
authenticates the received response. so 
[0058] Fig.5 shows the sequence of specified authen- 
tication to be executed between the source (DVD player 
1) and the sink (personal computer 2). 
[0059] In the EEPROM 27 of the DVD player 1 as the 
source, the service key (Service_key) and the hash 55 
function (H1 , H2 t H3) are stored from the outset. These 
have been accorded by the copyright owner to the user 
of the DVD player 1 and kept in confidentiality in the 



EEPROM 27. 

[0060] The service key is accorded by the copyright 
owner and is common to the system constructed by the 
IEEE 1394 serial bus 11. 

[0061 ] In the personal computer 2, as a sink, the iden- 
tification number proper to itself, the license key 
(license_key), hash functions (H1 , H2, H3), and data Gb 
indicating the version of the license key (license_key), 
are kept in confidentiality in the EEPROM 50. 
[0062] The license key (license-key) is given by 

license_key = H1 A Gb (ID[|Service_key) 

where H1 A Gb means that the hash function hi is 
applied Gb times. That is, the license key (license_key) 
is a value obtained on applying the hash function H1 Gb 
times to the n+m bit coupling data (ID|]Service_key) 
obtained on coupling n-bit identification number (ID) to 
m-bit service key (Service_key). 
[0063] As the identification number(ID), 

node_uniqueJD, prescribed in the standard of the IEEE 
1394 serial bus 1 1, is used. 

[0064] The specified processing for authentication 
performed prior to transmission and reception of real 
data is explained with reference to Fig.5. 
[0065] At step S21 , the license manager 62 of the per- 
sonal computer 2 generates a random number Nb. At 
step S22, the license manager 62 controls the 1394 
interface 49 to transmit the generated random number 
Nb and the version information Gb over IEEE 1394 
serial bus 1 1 to the DVD player 1 along with the request 
for authentication. 

[0066] At step S23, the firmware 20 of the DVD player 
1 receives the random number Nb and the version infor- 
mation Gb along with the request for authentication. At 
the next step S24 t the firmware 20 requests the identifi- 
cation number (ID) to the personal computer 2. _ 
[0067] At step S25, the license manager 62 of the per- 
sonal computer 2 receives the request for the identifica- 
tion number (ID) and, in response thereto, reads out the 
identification number (ID) stored in the EEPROM 50 to 
send the read-out identification number to the DVD 
player 1 . 

[0068] At step S27, the firmware 20 of the DVD player 
1 receives the identification number (ID). At step S28, 
the firmware 20 reads out the license key (license_key) 
stored in the EEPROM 27 to connect the received iden- 
tification number (ID) to the license key (license_key) to 
generate the coupling data of which upper bits are iden- 
tification numbers (ID) and lower bits are license key 
(license_key). The firmware 20 then applies the hash 
function H1 to the generated coupling data (IDq 
Service_key) by: 

Km = HI (IDoService_key) 

to generate a key Km. 

[0069] At the next step S29, the firmware 20 of the 
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DVD player 1 selects a variable n which will satisfy 0 £ n 
£ C1 , where n, pre-set so as to satisfy 0 n £ C1 , need 
not be selected at step S29. C1 is a constant pre-set in 
the system. At step S30, the firmware 20 applies the 
hash function H1 n times for the key Km generated at 
step S7 as shown by the following equation: 

Km_ n = H1 A n(Km) 

to generate the key Km_n. It is noted that H1 A n denotes 
that the hash function H1 is applied n times, such that, 
for n =0. Km_n = Km . Also, at step S31, the firmware 
20 generates a random number Na. At step S32, the 
firmware 20 sends the random number Na and the var- 
iable n to the personal computer 2. 
[0070] At step S33 ( the license manager 62 of the per- 
sonal computer 2 receives the random number Na and 
the variable n at step S34, then applies the hash func- 
tion H1 to the license key (license_key) stored in the 
EEPROM 50(n — Gb) times, as indicated by the follow- 
ing equation: 

KIic_n = H1 A (n — Gb) (license_key) 

to generate the key Klic_n. 

[0071] Meanwhile, n in (n — Gb) is the variable n 
received at step S1 1 , while Gb is the information speci- 
fying the version of the license key (license_key) stored 
in the EEPROM 50 of the personal computer 2. As dis- 
cussed in the foregoing, the license key (license_key) is 
generated on applying the hash function H1 Gb limes to 
the coupling data(ID||Service__key)) obtained on cou- 
pling the n-bit identification number (ID) to the m bit 
service key (Service_key). Therefore, the key Klic_ n, 
generated on applying the hash function (n — Gb) times 
to the license key (license_key), is Klick_n = 
licencse_key for (n — Gb) = 0 , such that, for (n — Gb) 
^ 0, the key KIic_n is equal to Km_n, obtained on apply- 
ing the hash function H1 to the coupling data (ID|] 
Service_key)) n times. 

[0072] If (n — Gb) < 0, the operation is tantamount to 
applying the hash function a negative number of times, 
that is to finding the inverse function of the hash func- 
tion. However, it is difficult to find the inverse function of 
the hash function, as discussed above. Therefore, if (n 
— Gb) < 0, it is practically impossible to generate the 
key Klic_n. Thus, if this property is used, it is possible to 
manage the version information Gb of the license key 
(license_key). For example, if an equipment having a 
high secrecy-keeping function and an equipment having 
a low secrecy-keeping function are present as a sink- 
side device, n V and "2" are accorded as the version 
information Gb of the license key (license_ key) to the 
equipment having the high secrecy-keeping function 
and to the equipment having the low secrecy-keeping 
function, respectively. If the license key (license_key) of 
Gb = 2 accorded to the equipment having the low 
secrecy-keeping function is discovered by an unauthor- 



ized user, the source side can select "1 " for the variable 
n whereby (n — Gb) < 0 for the equipment having the 
low secrecy-keeping function such that the equipment is 
unable to generate the key Klic_n and hence is not 

5 authenticated. 

[0073] Therefore, if the higher-order license key 
(license_key) with a larger value of the version informa- 
tion Gb is accorded to the equipment having a low 
secrecy-keeping function, so that, if the license key 

10 (license_key) has become apparent, the processing for 
setting the sink having the higher-order license key out 
of the range of authentication can be carried out on the 
source side by selecting the variable n. 
[0074] At step S35, the license manager 62 applies to 

15 the keydash function H2 t having the key Klic_n as the 
key, the coupling data (Na||Nb), obtained on coupling the 
random number Na received at step S33, to the random 
number Nb, generated at step S21, to generate a 
response R such that 

20 

R = Keydash H2 (Klic_n, NaflNb). 

[0075] Meanwhile, the Keydash function is a hash 
function having a key, such that Keydash H2(Klic_n, Nail 
25 Nb) indicates that the above data (Na|]Nb) is to be 
entered to the keydash function H2 having Wic_n as a 
key. 

[0076] At step S36, the license manager 62 sends the 
response R to the DVD player 1 . 

30 [0077] The firmware 20 of the DVD player 1 at step 
S37 receives the response R sent from the license man- 
ager 62. At step S38, the firmware 20 verifies whether 
or not the response R\ obtained by applying the cou- 
pling data (Na[|Nb) obtained on coupling the random 

35 number Na at step S31 to the random number Nb 
received at step S3, to the keydash function H2 gener- 
ated at step S30, is equal to the response R' received at 
step S37. 

[0078] If the key Km_n generated at step S30 is equal 
40 to the key Klic__n generated at step S34, the response R' 
generated at step S38 is equal to the response R 
received at step S37. 

[0079] If the generated response R* is not equal to the 
received response R, the firmware 20 verifies that the 

45 license manager 62 of the personal computer 2 is not 
asthenic to destruct the received response R to termi- 
nate the authentication processing. 
[0080] Conversely, if the generated response R' is 
equal to the received response R, the firmware 20 

so authenticates the received response. 

[0081 ] At this step S39, the firmware couples the key 
Km_n, generated at step S30, the random number Na, 
generated at step S31, and the random number Nb, 
received at step S31 , to generate coupling data (Km_nfl 

55 NaflNb) to which the hash function H3 is applied as 
shown by the following equation: 

Kab = H3(Km_nflNagNb) 
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to generate the key Kab. 

[0082] At the next step S40, the firmware 20 gener- 
ates the session key sk. The firmware 20 at step S41 
encrypts the session key sk by the key Kab generated at 
step S39 by the calculations of the following equation: 

X = Enc(Kab, sk) 

to generate encrypted data (encrypted key) X. Enc(A, 
B) indicates that data B is encrypted, using a key A, in 
the common key encryption system. At step S42, the 
firmware 20 sends the generated encryption key X to 
the personal computer 2. 

[0083] The license manager 62 of the personal com- 
puter 2 at step S43 receives the encryption key X. At 
step S44, the license manager 62 couples the key 
Klic_n, generated at step S34, random number Na 
received at step S33 and the random number Nb gener- 
ated at step S21, to generate coupling data (KlicjiyNafl 
Nb), to which the hash function H3 is applied as indi- 
cated by the following equation: 

Kab' = H3(Km„n)flNaflNb) 

to generate the key Kab'. 

[0084] At the next step S45, the license manager 62 
decodes the encryption key X, received at step S43, by 
the key Kab' generated at step S44, to calculate the 
session key sk' in accordance with the following equa- 
tion: 

sk' = Dec(Kab\ X) 

in which Dec(A, B) means decoding data B using the 
key A in the common key encrypting system. Mean- 
while, as the encryption algorithm in the common key 
encrypting system, there is known the DES (Data 
Encryption Standard). Also, the common key encrypting 
system is discussed in detail in the above-mentioned 
"Applied Cryptography (Second Edition), Wiley". 
[0085] The key Kab, generated by the firmware 20 of 
the DVD player 1 at step S39, has the same vale as the 
key Kab' generated by the license manager 62 of the 
personal computer 2 at step S44. That is, the following 
equation: 

Kab = Kab' 

holds. 

[0086] Therefore, the session key sk' t obtained on 
decoding the encryption key X by the license manager 
62 of the personal computer 2 at step S45 has the same 
value as the session key sk generated by the firmware 
20 of the DVD player 1 at the above step S40. That is, 
the following equation: 

sk* = sk 



holds. 

[0087] Thus, the firmware 20 of the DVD player 1 
(source) and the license manager 62 of the personal 
computer 2 (sink) can furnish the same session keys sk, 
5 sk'. Therefore, the session key can directly be used as 
an encryption key, or respective pseudo-random num- 
bers can be created from this and used as encryption 
keys. 

[0088] Since the license key (license_key) is gener- 
ic ated on the basis of the identification numbers (IDs) 
proper to the respective apparatus and the service key 
(Service_key) for the furnished information, so that it is 
not possible for a third apparatus to produce session 
keys sk or sk\ On the other hand, an apparatus not 
15 authorized by the copyright owner is not provided with a 
license key (license_key) and hence us unable to gen- 
erate the session key sk or sk'. Therefore, if the DVD 
player 1 encrypts the real data using the session key sk 
to transmit the encrypted real data to the personal com- 
20 puter 2, and the personal computer 2 has appropriately 
acquired the license key (license_key), the personal 
computer 2 owns the session key sk* obtained on 
decoding the encryption key X, so that it can decode the 
encrypted real data transmitted from the DVD player 1 . 
25 However, if the personal computer 2 is not an author- 
ized one, it cannot decode the transmitted encryption 
key X. stated differently, only the authorized device can 
generate common keys sk, sk', thus realizing the 
authentication. 

30 [0089] If the license key (license_ key) of the sole per- 
sonal computer 2 is stolen, the identification number 
(ID) differs from one personal computer to another, so 
that it is not possible for the unauthorized device to 
decode the encrypted real data transmitted from the 

35 DVD player 1 , thus improving the safety. 

[0090] In the above-described embodiment, plural 
hash functions are used. However, a sole hash function 
can also be used. Referring to the timing chart of Fig.6, 
the procedure of authentication is now explained, taking 

40 an example of using a MD (message digest) widely 
used as a hash function. 

[0091 ] The MD5 processes the number of bits of input 
data every 512 X m — 64 bits, where m = 1,2, • • • , to 
output 128 bits of output data. This MD5 is discussed in 
45 detail in the above-mentioned "Applied Cryptography 
(Second Edition), Wiley". 

[0092] In the procedure of authentication, shown in 
Fig.6, the processing from step S51 to step S57 is simi- 
lar to that from step S21 to S27 in the procedure of 
so authentication processing shown in Fig. 5 and hence is 
not explained specifically. 

[0093] At step S58, the firmware 20 of the DVD player 
1 couples the constant E1, identification number (ID) 
received from the personal computer 2, and the service 
55 key (Service_key) stored in the EEPROM 27, to gener- 
ate coupling data (E1 |ID|jService_key) to apply the hash 
function MD5 to the coupling data (ElQlDflService_key) 
as indicated by the following equation: 
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Km = MD5 (E|]ID||Service_key) 
to generate the key Km. 

[0094] It is noted that the constant E1 is set in com- 
mon in the system from the outset. The same holds for 
the constants E2 to E4 as later explained. These con- 
stants E1 to E4 are held in confidentiality in each sys- 
tem. 

[0095] If, in the above-mentioned equation for finding 
the key Km, the constant E1 is 256 bits, the identifica- 
tion (ID) number is 64 bits and the service key 
(Service_key) is 128 bits, the total number of bits of the 
coupling data obtained on coupling these bits is 448 
bits. By application of the hash function MD5, this cou- 
pling data (E1[|ID||Service_key) is compressed to 128 
bits to operate as the key Km. 

[0096] At the next step S59, the firmware 20 of the 
DVD player 1 selects a variable n satisfying the relation 
0 £ n £ C1. This selection of the variable n is the 
processing similar to that at step S29. The firmware 20 
at step S60 couples the constant E2 to the key Km gen- 
erated at step S58 to apply the hash function MD5 n 
times to the generated coupling data (E2||Km) as indi- 
cated by the following equation: 

Km_n = MD5 A n(E2|[Km) 

to generate the key Km_n. Meanwhile, MD5 A denotes 
that the hash function MD5 is applied n times such that 
Km_n = (E2||Km) for n = 0. 

[0097] In the above equation for finding the key Km_n, 
the key Km is the 1 28-bit data, so that, by setting the 
constant E2 to 320 bits, the total number of bits of the 
coupling data (E2[|Km) is 48 bits. By applying the hash 
function MD5, the coupling data (E2||Km) is compressed 
to 128 bits to give the key Km_n. 
[0098] The firmware 20 at step S61 generates the ran- 
dom number Na. At step S62, the firmware 20 sends the 
random number Na generated at step S62 and the var- 
iable n selected at step S59 to the personal computer 2. 
[0099] At step S63, the license manager 62 of the per- 
sonal computer 2 receives the random number Na and 
the variable n. The license manager 62 at step S64 
applies the hash function MD5 (n — Gb) times to the 
license key (license_key) stored in the EEPROM 50 to 
generate the key Klic_n. 

[0100] In this case, Klic_n = license key for(n 
— Gb) = 0 , as explained at step S34 in the authentica- 
tion procedure shown in Fig.5, such that, if(n — Gb) < 0, 
the key Klic_n is not generated. 
[0101] At step S65, the license manager 62 couples 
the constant E3, random number Na received at step 
S63, random number Nb generated at step S51 and the 
key Klic__n generated at step S64, to apply the resulting 
coupling data (E3[]NailNb|Klic_n) to the hash function 
MD5 as indicated by the following equation: 

R = MD5(E3flNaflNbflKlicji) 



to generate the response R. If, in this equation of gener- 
ating the response R, the constant E3 is 64 bits, and the 
random numbers Na, Nb and the key Klic_n are 128 
bits, the total number of bits of the coupling data (E3yNaQ 
5 Nb||Klic_n) is 448. On application of the hash function 
MD5, the coupling data (E3|]NaflNb||Klic_n) is com- 
pressed to 128 bits, which are outputted as the 
response R. 

[0102] At step S66, the license manager 62 transmits 

10 the response R to the DVD player 1 . 

[01 03] The firmware 20 of the DVD player I at step S67 
receives the response R transmitted from the license 
manager 62. At step S68, the firmware 20 verifies 
whether or not the response R* obtained on coupling the 

is constant E3, random number Na generated at step S61 , 
random number Nb received at step S53 and the key 
Km_n generated at step S53 and on applying the result- 
ing coupling data (E3|]Na||Nb||Km_n) to the hash function 
MD5 is equal to the response received at step S67. 

20 [01 04] If the generated response R' is not equal to the 
received response R, the firmware 20 verifies that the 
license manager 62 of the personal computer 2 is unau- 
thentic and destructs the received response R to termi- 
nate the authentication processing. 

25 [0105] If the generated response R* is equal to the 
received response R, the firmware 20 proceeds to step 
S69. 

[01 06] The firmware 20 at step S69 couples the con- 
stant number E4, random number Nb received at step 
30 S53, random number Na generated at step S61 and the 
key Km_n generated at step S60 to generate coupling 
data (E4||Nb[|Na|Km_n) to which the hash function MD5 
is applied as indicated by the following equation: 

35 Kab = MD5 (E4flNb||Na||Km__n) 

to generate the key Kab. If, in the equation generating 
the key Kab, the constant E4 is 64 bits, the random 
numbers Na and Nb and the key Klic_n are 128 bits, the 
40 total number of bits of (E4flNb||Na|lKm_n) is 448 bits. By 
application of the hash function MD5, the coupling data 
(E3||Nb[|Na[|Km_n) is compressed to 128 bits, which are 
outputted as the key Kab. 

[0107] At the next step S70, the firmware 20 gener- 
45 ates the session key sk. The firmware 20 at step S71 
encrypts the session key sk by the key generated at 
step S69 by the following processing: 

X = Enc(Kab, sk) 

50 

to generate the encrypted data (encryption key) X. At 
step S72, the firmware 20 transmits the generated 
encryption key X to the personal computer 2. 
[0108] The license manager 62 of the personal com- 
55 puter 2 at step S73 receives the encryption key X. at 
step S74, the license manager 62 couples the constant 
E4, random number Nb generated at step S71 , random 
number Na received at step S63 and the key Klic_n 
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generated at step S64 to generate coupling data (E4q 
NboNa|]Klic_n) to which the hash function MD5 is 
applied in accordance with the equation: 

Kab' = MD5 (E4flNb|NaoKlic_n) s 
to generate the key Kab'. 

[0109] At the next step S75, the license manager 62 
decodes the encryption key X received at step S73, by 
the key Kab' generated at step S74, to calculate the 10 
session key sk' by the following equation: 

sk' = Dec (Kab 1 , x). 



ted to the user via a recording medium, such as a mag- 
netic disc or a CD-ROM, or a transmission medium, 
such asa network, so as to be stored in the enclosed 
RAM or hard disc if so required. 

Claims 

1. An information processing system comprising: 

a first information processing apparatus and a 
second information processing apparatus; said 
first information processing apparatus includ- 
ing 



[01 10] If the same hash function MD5 is used in com- 15 
mon in both the firmware 20 (source) of the DVD player 
1 (source) and the license manager 62 of the personal 
computer 2, the key Kab, generated by the firmware 20 
of the DVD player 1 at the above step S69. has the 
same value as that of the key Kab' generated by the 20 
license manager 62 of the personal computer 2 at the 
above step S74, and hence the following equation: 

Kab = Kab* 

25 

holds. 

[0111] On the other hand, the session key sk', 
obtained on decoding the encryption key X by the 
license manager 62 of the personal computer 2 at the 
above step S75, has the same value as the session key 30 
sk generated by the firmware 20 of the DVD player 1 at 
step S70, and hence the following equation: 

sk' = sk 

: 35 

holds. 

[0112] The key Kab is used for encrypting the session 
key sk, as described above. However, if, in considera- 
tion of the regulations on export, only a shorter bit 
sequence can be used, a new system-common function 40 
F is provided and used to degrade the key. This function 
F needs to be kept in confidentiality in the system. If, as 
a method for this degradation, such function F which 
outputs an XOR (exclusive-OR) of upper 64 bits and 
lower 64 bits for a 128-bit input is used, the 128-bit bit 45 
string can be degraded to a 64-bit bit string. 
[0113] In the foregoing, the DVD player 1 (firmware 
20) is a source, with the personal computer 2 (license 
manager 62) being a sink. However, it is not crucial 
which of the devices is to be a source and which device so 
is to be a sink. The external bus used for interconnect- 
ing the electronic equipments may be any suitable bus 
without being limited to the 1398 serial bus, while the 
electronic equipments connected to the bus may be any 
suitable equipment without being limited to the above- ss 
described embodiment. 

[0114] The computer program for executing the 
above-mentioned various commands may be transmit- 



first storage means for storing a service key 
and a pre-set function; 

first transmission/reception means for transmit- 
ting and receiving data with the second infor- 
mation processing apparatus; 

first intermediate key generating means for 
generating a first intermediate key by applying 
said function to the service key and to the iden- 
tification information proper to the second infor- 
mation processing apparatus received by said 
first transmission/reception means from said 
second information processing apparatus; 

decision key generating means for generating 
a decision key by applying said function n times 
to said first intermediate key, n being an inte- 
ger; 

number of times data transmitting means for 
causing said first transmission/reception 
means to transmit to said second information 
processing apparatus the number of times data 
indicating the number of times said function is 
applied by said decision key generating means 
to said first intermediate key; and 

authentication means for authenticating said 
second information processing apparatus by 
verifying whether or not the decision key is 
equal to the intermediate key information 
received by said first transmission/reception 
means from said second information process- 
ing apparatus; 

said second information processing apparatus 
including 

second storage means for storing the proper 
identification information allocated to itself; a 
license key generated on applying said function 
to said first intermediate key Gb times, where 
Gb is a natural number, version data indicating 



11 



BNSDOCID: <EP 0966127A1_I_> 



21 



EP 0 966 127 A1 



22 



the version of the license key and said pre-set 4. 
function; 

second transmission/reception means for 
sending and receiving data with said first irrfor- s 
mation processing apparatus, second interme- 
diate key generating means for generating the 
second intermediate key by applying said func- 
tion to said license key (n — Gb) times, using 
said number of times data received from said 10 
first information processing apparatus by said 
second transmission/reception means; and 

5. 

intermediate key information transmitting 
means for causing said second transmis- is 
sion/reception means to transmit the intermedi- 
ate key information concerning the second 
intermediate key by said second transmis- 
sion/reception means to said first information 
processing apparatus. 20 

The information processing system according to 
claim 1 wherein said first information processing 
apparatus further includes first value generating 
means for generating a first value and for transmit- 25 
ting the first value by said first transmission/recep- 
tion means to said second information processing 
apparatus; and 

first calculating means for performing calcula- 30 
tions on said decision key, said first value and a 
second value received by said first transmis- 
sion/reception means from said second infor- 
mation processing apparatus to send the 
results of calculations to said authentication 35 
means; and wherein 

said second information processing apparatus 
further includes second value generating 
means for generating the second value and for 40 6. 
transmitting the second value to said first infor- 
mation processing apparatus by said second 
transmission/reception means; and 

second calculation means for performing cal- 45 
culations on said second intermediate key, said 
second value and the first value received by 
said second transmission/reception means 7. 
from said first information processing appara- 
tus, to generate the intermediate key informa- so 
tion of said second intermediate key. 

The information processing system according to 
claim 2 wherein at least one of the first value gener- 
ating means or the second value generating means ss 
is random number generating means for generating 
a random number. 



The information processing system according to 
claim 1 wherein said first information processing 
apparatus includes setting means for setting the 
number of times n of application of said function to 
said first intermediate key by said decision key gen- 
erating means; and wherein 

said decision key generating means generates 
a decision key by applying said function to said 
first intermediate key by n times as set by said 
setting means. 

The information processing system according to 
claim 2 wherein said first information processing 
apparatus includes encrypting key generating 
means for generating an encryption key by applying 
said function to said decision key, said first value 
and the second value if said authentication means 
verifies that the state of equality; 

session key generating means for generating a 
session key; and 

encrypting means for encrypting said session 
key using said encryption key and for transmit- 
ting the encrypted session key to said second 
information processing apparatus; 

said second information processing apparatus 
including decoding key generating means for 
generating a decoding key by applying said 
function to said second intermediate key, said 
first value and the second value; and 

decoding means for decoding said encrypted 
session key, transmitted from the first informa- 
tion processing apparatus, using said decoding 
key. 

The information processing system according to 
claim 1 wherein said second information process- 
ing apparatus further includes authentication 
requesting means for causing said first information 
processing apparatus to transmit authentication 
request data requesting the authentication from 
said second transmission/reception means. 

The information processing system according to 
claim 6 wherein said first information processing 
apparatus further includes identification information 
requesting data transmission means for causing 
said first transmission/reception means to transmit 
identification information requesting transmission of 
said identification information to said second infor- 
mation processing apparatus on reception of said 
authentication requesting data by said first trans- 
mission/reception means from said second trans- 
mission/reception means. 
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8. The information processing system according to 
claim 7 wherein said second information process- 
ing apparatus further includes identification infor- 
mation transmission means for causing the 
identification information to be transmitted from 5 
said second transmission/reception means on 
reception of the identification information request- 
ing data by the second transmission/reception 
means from the first information processing appa- 
ratus. 10 

9. An information processing method in an information 
processing system made up of a first information 
processing apparatus which stores a service key 
and a pre-set function, and a second information is 
processing apparatus which stores the proper iden- 
tification information allocated to itself, a license key 
generated on applying said function to said first 
intermediate key Gb times, where Gb is a natural 
number.version data specifying the version of said 20 
license key, and said pre-set function, comprising: 

an identification information requesting step of 
requesting the identification information proper 
to the second information processing appara- 25 
tus from the first information processing appa- 
ratus to the second information processing 
apparatus; 

an identification information transmis- 30 
sion/reception step of transmitting the identifi- 
cation information proper to the second 
information processing apparatus from the sec- 
ond information processing apparatus for 
reception by said first information processing 35 
apparatus; 

a first intermediate key generating step of 
applying said function in said first information 
processing apparatus to the identification infor- 40 
mation proper to the second information 
processing apparatus, received in said identifi- 
cation information transmission/reception step, 
and on the service key, to generate said first 
intermediate key; 45 

a decision key generating step of generating a 
decision key by applying said function in said 
first information processing apparatus to said 
first intermediate key n times, where n is an so 
integer; 

a number of times data transmission/reception 
step of transmitting the number of times data 
indicating the number of times the function is ss 
applied to the first intermediate key at said 
decision key generating step from said first 
information processing apparatus for reception 



by said second information processing appara- 
tus; 

a second intermediate key generating step of 
generating a second intermediate key Klic_n 
by applying said function to said license key (n 
— Gb) times using the number of times data 
received by said number of times data recep- 
tion step in said second information processing 
apparatus; 

an intermediate key information transmis- 
sion/reception step of transmitting the interme- 
diate key information as the information 
concerning the second intermediate key from 
the second information processing apparatus 
for reception by the first information processing 
apparatus; and 

an authentication step of authenticating said 
second information processing apparatus by 
verifying, at said first information processing 
apparatus, whether or not the decision key is 
equal to the intermediate key information 
received at said intermediate key information 
transmission/reception step. 

10. The information processing method according to 
claim 9 further comprising: 

a first value generating step of generating a 
first value in said first information processing 
apparatus; 

a first value transmission/reception step of 
transmitting said first value from said first infor- 
mation processing apparatus for reception by 
said second information processing apparatus; 

a second value generating step of generating a 
second value in said second information 
processing apparatus; 

a second value transmission/reception step of 
transmitting said second value from said sec- 
ond information processing apparatus for 
reception by said first information processing 
apparatus; 

an intermediate key information generating 
step of generating the intermediate key infor- 
mation for the second intermediate key by per- 
forming calculations in said second information 
processing apparatus on said second interme- 
diate key, said second value and the first value 
received by said first value transmission/recep- 
tion step; and 
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a calculating step of performing calculations in 
said first information processing apparatus on 
said decision key, the first value and the second 
value received at said second value transmis- 
sion/reception step; wherein 

in said intermediate key information transmis- 
sion/reception step, the intermediate key infor- 
mation of said second intermediate key 
generated by said intermediate key information 
generating step is transmitted from said sec- 
ond information processing apparatus for 
reception by said first information processing 
apparatus; and wherein 

in said authentication step, said second infor- 
mation processing apparatus is authenticated 
by verifying at said authentication step whether 
or not the results of calculations in said calcula- 
tion step are equal to the intermediate key 
information received by said intermediate key 
information transmission/reception step. 

11. The information processing method according to 
claim 10 wherein at least one of said first and sec- 
ond values is given as a random number by random 
number generating means. 

12. The information processing method according to 
claim 9 wherein said decision key generating step 
includes a setting sub-step of setting the number of 
times n of application of said function to said first 
intermediate key; 

said decision key generating step generates 
the decision key by applying the function to 
said first intermediate key n times as set in said 
setting step. 

13. An information processing method according to 
claim 10 further comprising: 

an encryption key generating step of generat- 
ing an encryption key by applying said function 
to said decision key, said first value and the 
second value if, in said first information 
processing apparatus, the authentication step 
verifies the state of equality; 

a session generating step of generating a ses- 
sion key in said first information processing 
apparatus; 

an encryption step of encrypting said session 
key in said first information processing appara- 
tus using said encryption key; 

a session key transmission/reception step of 



transmitting said session key encrypted at said 
encrypting step from said first information 
processing apparatus for reception by said sec- 
ond information processing apparatus; 

5 

a decoding key generating step of generating a 
decoding key by applying said function in said 
second information processing apparatus to 
said second intermediate key, said first value 
10 and the second value; and 

a decoding step of decoding said encrypted 
session key received at said session transmis- 
sion/reception step in said second information 
is processing apparatus using said decoding key 

14. The information processing method according to 
claim 9 further comprising:: 

20 an authentication requesting step of transmit- 

ting authentication requesting data from said 
second information processing apparatus to 
said first information processing apparatus. 

25 15. The information processing method according to 
claim 14 wherein, in said identification information 
requesting step, on reception of said authentication 
requesting data from the second information 
processing apparatus, the identification information 

30 requesting data for requesting the transmission of 
said identification information to said second infor- 
mation processing apparatus is transmitted from 
said first transmission/reception means to said sec- 
ond information processing apparatus. 

35 

16. The information processing method according to 
claim 15 wherein, in said identification information 
transmission/reception step, on reception of said 
identification information requesting data from the 
40 first information processing apparatus, said identifi- 
cation information is transmitted from the second 
information processing apparatus to said first infor- 
mation processing apparatus. 

45 17. An information processing apparatus comprising: 

storage means for storing a service key and a 
pre-set function; 

so transmission/reception means for transmitting 

and receiving data with another information 
processing apparatus; 

intermediate key generating means for gener- 
55 ating an intermediate key by applying said 

function to the identification information proper 
to said other information processing apparatus, 
received by said reception means, from said 
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another information processing apparatus, and 
to said service key, to generate an intermediate 
key; 

decision key generating means for generating 
a decision key by applying said function to said 
intermediate key n times, where n is an integer; 

number of times data transmitting means for 
causing said transmission/reception means to 
transmit to said other information processing 
apparatus the number of times data indicating 
the number of times of application of said func- 
tion to said intermediate key by said decision 
key generating means; and 

authentication means for authenticating said 
other information processing apparatus by ver- 
ifying whether or not the decision key and the 
intermediate key information received by said 
transmission/reception means from said other 
information processing apparatus are equal to 
each other. 

18. The information processing apparatus according to 
claim 17 further comprising: 

first value generating means for generating a 
first value and for causing said transmis- 
sion/reception means to transmit said first 
value to said other information processing 
apparatus; and 

calculation means for performing calculations 
on said decision key, said first value and a sec- 
ond value received by said first transmis- 
sion/reception means to send the results of 
calculations to said authentication means. 

19. The information processing apparatus according to 
claim 18 wherein said first value generating means 
is random number generating means for generating 
a random number. 

20. The information processing apparatus according to 
claim 1 7 further comprising: 

setting means for setting the number of times n 
of application of said function 
to said intermediate key; 

said decision key generating means generating 
a decision key by applying said function to said 
intermediate key n times as set by said setting 
means. 

21. The information processing apparatus according to 
claim 18 further comprising: 



encryption key generating means for generat- 
ing an encryption key by applying said function 
to said decision key, said first value and the 
second value if said authentication means ver- 
5 if ies the state of equality; 

session key generating means for generating a 
session key; and 

10 encrypting means for encrypting said encryp- 

tion key to transmit the encrypted session key 
to said other information processing apparatus. 

22. The information processing apparatus according to 
r5 claim 21 further comprising: 

identification information requesting data trans- 
mission means for causing said first transmis- 
sion/reception means to transmit identification 

20 information requesting data requesting trans- 

mission of the identification information to said 
other information processing apparatus on 
reception of authentication requesting data 
from said other information processing appara- 

25 tus by said transmission/reception means. 

23. An information processing method comprising: 

an identification information reception step of 
30 requesting the identification information proper 

to another information processing apparatus to 
said other information processing apparatus to 
receive the identification information; 

35 a first intermediate key generating step of gen- 

erating a first intermediate key by applying a 
pre-set function to the identification information 
proper to said other information processing 
apparatus and the service key received by said 

40 identification information reception step; 

a decision key generating step of generating a 
decision key by applying said function to said 
first intermediate key n times, n being an inte- 
45 ger; 

a number of times data transmitting step of 
transmitting to said other information process- 
ing apparatus the number of times data indicat- 
so ing the number of times of application of said 

function to said first intermediate key at said 
decision key generating step; 

an intermediate key information receiving step 
55 of receiving the intermediate key information 

generated based on the number of times data 
by said other information processing appara- 
tus; and 
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an authentication step of authenticating said 
other information processing apparatus by ver- 
ifying whether or not said decision key is equal 
to said intermediate key information received 
by said intermediate key information receiving 5 
step. 



an encryption key generating step of generat- 
ing an encryption key by applying said function 
to said decision key, said first value and the 
second value if, in said first information 
processing step, the authentication step veri- 
fies equality; 



24. The information processing method according to 
claim 23 further comprising: 

a first value generating step of generating a 
first value; 

a first value transmitting step of transmitting 
said first value to said other information 
processing apparatus; 



a session generating step of generating a ses- 
sion key; 

10 

an encryption step of encrypting said session 
key using said encryption key; and 

a session key transmission/reception step of 
75 transmitting said session key encrypted at said 

encrypting step. 



a second value reception step of receiving a 
second value transmitted from said other infor- 
mation processing apparatus; and 

a calculating step of performing calculations on 
said decision key, said first value and the sec- 
ond value received by said second value 
reception step; 

said intermediate key information transmis- 
sion/reception step receiving the intermediate 
key information generated in said other infor- 
mation processing apparatus based on said 
second intermediate key, said second value 
and the first value; 

said authentication step authenticating said 
second information processing apparatus 
based on the results of calculations in said cal- 
culation step and by verifying whether or not 
the results of calculations at said calculating 
step, said decision key and the intermediate 
key received at said intermediate key informa- 
tion receiving step are equal to each other. 

25. The information processing method according to 
claim 24 wherein said first value is given as a ran- 
dom number by random number generating means. 

26. The information processing method according to 
claim 23 wherein said decision key generating step 
includes a setting sub-step of setting the number of 
times n of application of said function to aid first 
intermediate key; 

said decision key generating step generating 
the decision key by applying the function n 
times as set in said setting step. 

27. The information processing method according to 
claim 24 further comprising: 



28. The information processing method according to 
claim 27 wherein, in said identification information 

20 requesting step, on reception of authentication 
requesting data from said other information 
processing apparatus, identification information 
requesting data for requesting transmission of the 
identification information to said other information 

25 processing apparatus is transmitted to said other 
information processing apparatus. 

29. An information processing apparatus comprising: 

30 storage means for storing the proper identifica- 

tion information assigned to itself, a license key 
generated by applying a pre-set function Gb 
times, Gb being a natural number, to a first 
intermediate key.version data specifying said 

35 license key and said pre-set function; 

transmission/reception means for transmitting 
and receiving data with another information 
processing apparatus; 

40 

second intermediate key generating means for 
generating a second intermediate key by 
applying said function to said license key (n — 
Gb) times using said number of times data 
45 received from said other information process- 

ing apparatus by said transmission/reception 
means; and 

intermediate key information transmitting 
so means for transmitting the intermediate key 

information as the information on said second 
intermediate key by said second transmis- 
sion/reception means to said first information 
processing apparatus. 

55 

30. The information processing apparatus according to 
claim 29 comprising: 
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second value generating means for generating 
a second value and transmitting said second 
value by said second transmission/reception 
means to said first information processing 
apparatus; and 5 

calculating means for performing calculations 
on the second intermediate key, said second 
value and the first value received from said 
other information processing apparatus by said 10 
transmission/reception means to generate the 
intermediate key information on said second 
intermediate key. 

31 . The information processing apparatus according to 15 
claim 30 wherein said second value generating 
means is random number generating means for 
generating a random number. 

32. The information processing apparatus according to 20 
claim 29 further comprising: 

authentication requesting means for causing 
authentication requesting data to be transmit- 
ted from said transmission/reception means to 25 
said other information processing apparatus. 

33. The information processing apparatus according to 
claim 29 further comprising: 

30 

identification information transmitting means 
for causing the identification information to be 
transmitted from the transmission/reception 
means on reception of said identification infor- 
mation requesting data from said transmis- 35 
sion/reception means by the trans- 
mission/reception means. 

34. An information processing method comprising: 

40 

an identification information transmitting step of 
transmitting the proper identification informa- 
tion assigned to an own information processing 
apparatus to another information processing 
apparatus; 45 

a number of times data receiving step of receiv- 
ing from said other information processing 
apparatus number of times data n of applying a 
pre-set function to said identification informa- so 
tion and to a service key, where n is an integer, 
for generating said first intermediate key in said 
other information processing apparatus; 

a second intermediate key generating step of 55 
generating a second intermediate key Klic_n 
by applying said function (n — Gb) times, using 
number of times data received in said number 



of times data receiving step, to a license key 
generated by applying said function Gb times 
to said first intermediate key, Gb being a natu- 
ral number; and 

an intermediate key information transmis- 
sion/reception step of transmitting the interme- 
diate key information as the information on said 
second intermediate key. 

35. The information processing method according to 
daim 34 further comprising: 

a first value receiving step of receiving a first 
value from said other information processing 
apparatus; 

a second value transmission/reception step of 
generating a second value; 

a second value transmission/reception step of 
transmitting said second value to said other 
information processing apparatus; and 

an intermediate key information generating 
step of generating the intermediate key infor- 
mation of said second intermediate key by per- 
forming calculations on said second value and 
said first value received by said first value 
transmission/reception step; 

said intermediate key information transmis- 
sion/reception step transmitting the intermedi- 
ate key information on said second 
intermediate key generated by said intermedi- 
ate key information generating step to said 
other information processing apparatus. 

36. The information processing method according to 
claim 35 wherein said second value is given as a 
random number from random number generating 
means. 

37. The information processing method according to 
claim 35 comprising: 

a session key transmission/reception step for 
receiving from said first information processing 
apparatus a session key encrypted using an 
encryption key generated by applying said 
function to said decision key, said first value 
and to the second key; 

a decoding key generating step of generating a 
decoding key by applying said function to said 
second intermediate key, said first value and to 
the second value; and 
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a decoding step of decoding said encrypted 
session key received in said session key trans- 
mission/reception step, using said decoding 
key. 

5 

38. The information processing method according to 
claim 34 further comprising: 

an authentication requesting step of transmit- 
ting authentication requesting data for request- 10 
ing the authentication to said first information 
processing apparatus. 39. The information 
processing method according to claim 38 
wherein said identification information trans- 
mission/reception step transmits the identif ica- is 
tion information to said first information 
processing apparatus on reception of identifi- 
cation information requesting data from said 
other information processing apparatus. 

20 
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